Tasks with no end date

I’m in a dilemma that I need a ‘best practice’ solution for.

Let’s take Trend Automatic Update task for instance. I want this task to apply to all PCs at all times. I have it pushed dynamically to all endpoints so that any new endpoint falls into the scope. This task runs indefinitely. We have been told to never run tasks under the Master Operator because this increases the Master Action Site size. So we’ve been running these Policy tasks under our non-master operator accounts.

Running the health checks, this gets flagged as a “warning” and shows the user account and the actions that have no end dates. Along with that, if there is ever a need to delete\recreate the operator for corruption issues, all of the issued actions under that site are stopped. Logically this makes sense, but it just seems risky to have very important policy actions be at the mercy of an opsite.

What is the best practice to push a policy action without flagging under health checks or being deleted when the opsite is recreated? Maybe this is just the way it’s supposed to work? I’m sure there is something I’m just not seeing here.

Thanks

1 Like

The best practice advice about not creating too many objects as a Master Operator is very valid – Endpoint Manager performance does suffer when the Master Action Site gets too big. However, in this case, the only way to accomplish what you want (having the policy action stick around even if you delete the operator that created it) is to use a Master Operator to take the action.

As with many best practices, it’s not black or white. It’s important to understand the risks, but as long as you don’t put too many actions in the Master Action Site you should be ok.